[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-1.2.1-193-g40ed10a
noreply at openinfosecfoundation.org
Mon Mar 19 12:09:00 UTC 2012
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
from e581ec7dffab8fbf0c791037e7db5df8e0b58b03 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 40ed10ab3857f68058bd094f501a20b16e838b9f
Author: Victor Julien <victor at inliniac.net>
Date: Wed Mar 14 13:32:40 2012 +0100
Minor flowq updates.
commit 7115fa3e727a7a1cabfd60bf2caff07a1d864c37
Author: Anoop Saldanha <poonaatsoc at gmail.com>
Date: Mon Mar 12 20:17:03 2012 +0530
Introduce the address hash based flow q handler
commit 5ffb050ada6b2e9b22e94ef8f11ba11e38f5922e
Author: Anoop Saldanha <poonaatsoc at gmail.com>
Date: Mon Mar 12 19:48:49 2012 +0530
Adapt flow tmqh counters to be atomic vars. Remove support for active flows q handler. Introduce SC_ATOMIC_SET
commit 3faed5fe794fb1d6fdd3d7ae7542c4313fbb639b
Author: Anoop Saldanha <poonaatsoc at gmail.com>
Date: Thu Jan 12 16:53:02 2012 +0530
Support freeing flow q handler out ctx. Adapt unittests to use the same
commit d01589c9d8f47d6915565011ba6af59c02462fcd
Author: Anoop Saldanha <poonaatsoc at gmail.com>
Date: Thu Jan 12 16:39:47 2012 +0530
neaten flow q handler code
commit 0fa14292c0d630f3aacf20175e31dbd4f8d6ffa6
Author: Anoop Saldanha <poonaatsoc at gmail.com>
Date: Thu Jan 12 16:31:08 2012 +0530
Enable unittests for flow q handler
commit 4e417b72b54ab7bd3a59d92db1cf529a745909e6
Author: Anoop Saldanha <poonaatsoc at gmail.com>
Date: Thu Jan 12 00:03:13 2012 +0530
support flow q handler schedulers active_flows and active_packets. Support new yaml option autofp_scheduler. Support for printing q handler stats as well
commit e252048900911693fc60b25574181582fce78c75
Author: Anoop Saldanha <poonaatsoc at gmail.com>
Date: Tue Dec 27 17:56:13 2011 +0530
support for custom flow qhandlers - round robin support added
commit d866f389820f64eaddd252bf10e284fcd0cd1702
Author: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
Date: Tue Mar 13 22:08:39 2012 +0100
TLS: add variable to store the error code in the decoder
Use a variable to store the decoding error code if required, and remove
the calls to SCLogInfo and SCLogDebug.
commit 218b5d3ba032f8b7e158ab2325d13b51e0007450
Author: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
Date: Sat Mar 3 14:11:38 2012 +0100
TLS app layer: misc fixes, reorder some fields to same memory
commit 3df341dbeb0cec1a83198fc7c22d4fb3be590480
Author: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
Date: Tue Feb 28 15:08:43 2012 +0100
Add TLS decode events
commit 71fa4a528543612231d73baef6025436aa38105c
Author: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
Date: Mon Feb 27 17:23:24 2012 +0100
TLS: replace SigMatchAppendAppLayer with SigMatchAppendSMToList
commit a9bb17e09760ba3951ab094101f53b2d81d68af1
Author: Eric Leblond <eric at regit.org>
Date: Mon Dec 19 11:14:21 2011 +0100
tls-handshake: add sanity checks.
commit 01c7e5bde642078c3690283c8bfb1b7ef73ed42e
Author: Eric Leblond <eric at regit.org>
Date: Mon Dec 19 10:22:06 2011 +0100
tls-handshake: Add some missing free in error handling.
When DecodeAsn1BuildValue function fails, it may be necessary to
do some clean-up in the calling functions.
commit 480db00fd770991a1a9dbcccfbadb24070f57e69
Author: Eric Leblond <eric at regit.org>
Date: Mon Dec 19 10:20:50 2011 +0100
tls-handshake: DecodeAsn1BuildValue should return -1 for error
This patch modifies DecodeAsn1BuildValue to have it return -1 when
there is a too big number of bytes announced in the ASN.1 message.
commit 8f885ce8108dd1885bd5fec8d55cb111890a82e8
Author: Eric Leblond <eric at regit.org>
Date: Mon Nov 28 10:14:28 2011 +0100
TLS parser: add sanity checks on loop
It was possible in some loops to read data placed after the buffer,
resulting in invalid/unpredictable values. This patch fixes two of
these issues.
commit d1c56e810b4152b62e35cc5d2dd29501ac09c16f
Author: Eric Leblond <eric at regit.org>
Date: Sun Nov 27 12:28:36 2011 +0100
TLS parser: add sanity check
commit cb1a75fc9e8d162eaa4777de313cd005c0742b01
Author: Eric Leblond <eric at regit.org>
Date: Fri Nov 25 18:40:34 2011 +0100
TLS parser: modify OCTETSTRING
This patch does an over-allocation of 1 for the OCTETSTRING
to be able to add a 0 at the end. This will then
allow us to use the string in printf.
commit 5a65a17f00f434e4711d0b704f33e475f5358c40
Author: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
Date: Sat Mar 3 15:18:23 2012 +0100
TLS parser: add handling of UTF8STRING
Some certificates contain UTF8STRING, which is a subset of
OCTETSTRING. This patch adds support for this type of string.
commit 6c2c6cfface88c83f92dff4df7159d13f4e853ff
Author: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
Date: Sat Mar 3 15:18:07 2012 +0100
TLS keywords: fix match regex (remove extra space)
commit 8457ce3b111f2c223f9a2122180c054b4f862490
Author: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
Date: Sat Mar 3 15:17:14 2012 +0100
TLS app layer: rewrite decoder to handle multiple messages in records
Since we now parse the content of the TLS messages, we need to handle
the case where multiple messages are shipped in a single TLS record, and
take care of the multiple levels of fragmentation (message, record,
and TCP).
Additionally, fix a bug where the parser state was not reset after an
empty record.
commit 4bb5e2a79d6aaadbb0ed12bbf1378f6a61c45e5d
Author: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
Date: Thu Nov 24 17:50:47 2011 +0100
TLS app layer: fix number of bytes processed on SERVER_CERTIFICATE message.
Change the function to return the number of bytes processed, and fix a bug
where the input buffer was wrong.
Signed-off-by: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
commit 38c213cb842c367c46958376e24bc183c7154570
Author: Eric Leblond <eric at regit.org>
Date: Wed Nov 9 15:55:43 2011 +0100
tls app layer: add missing free
issuerdn was not freed at exit.
commit fce2437dc22f961e82c1ac768a77178df32765b3
Author: Eric Leblond <eric at regit.org>
Date: Wed Nov 9 15:14:21 2011 +0100
tls app layer: handle negation on subject and issuerdn.
This patch adds negation support for tls.subject and tls.issuerdn
matches.
commit ad0e05a1123a341be95a06419dc6b029e84a2a31
Author: Eric Leblond <eric at regit.org>
Date: Wed Nov 9 11:37:12 2011 +0100
TLS app layer: Add tls.issuerdn keyword.
commit afba81bb27c8c2fc1cd5c9ccb68cf67da5687d67
Author: Eric Leblond <eric at regit.org>
Date: Tue Nov 8 15:46:59 2011 +0100
decode ASN.1: Factorize value reading
This patch factorizes the reading of integer values and fixes some
indentation. By convention, a value of 0xffffffff is returned
if the size of the integer is too big. In this case, the hexadecimal
value (which is also read) must be used.
commit 53e5421a24621b5b37bf6c85ca68b903a82006bf
Author: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
Date: Fri Nov 4 18:18:46 2011 +0100
TLS handshake: get TLS ciphersuite and compression
Decode the SERVER_HELLO message to extract the ciphersuite and compression
chosen by the server.
Signed-off-by: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
commit 4be65fd0162fa3ba6381629a980cca1452f7ea2e
Author: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
Date: Fri Nov 4 18:18:45 2011 +0100
TLS handshake: decode the SERVER_CERTIFICATE message
Add a decoder for the SERVER_CERTIFICATE during a TLS handshake, extract the
certificates and keep the subject name.
Add the tls.subject keyword for substring match in rules (TLS layer).
Signed-off-by: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
commit f77fcdb3e8df731a4d1d642b1da8eb9f242fd1db
Author: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
Date: Fri Nov 4 18:18:44 2011 +0100
Add ASN.1 parser for X509 certificates (in DER format)
Signed-off-by: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
commit 0b3f6c464a07df13a2b81c5fcf9535ce3db14bb1
Author: Victor Julien <victor at inliniac.net>
Date: Mon Mar 19 11:50:50 2012 +0100
Make list-app-layer-protos option name match the help explanation. Make sure it works w/o passing a config.
commit 109662450d45fa92270be8a7bd373ae1bd94119f
Author: Anoop Saldanha <poonaatsoc at gmail.com>
Date: Mon Mar 19 09:06:16 2012 +0530
Add new command line option --list-app-layer-protocols to list supported app layer protocols in sigs
commit 7511fa67cd57a6add93dcbf89e101fb0f7ad0ce7
Author: Anoop Saldanha <poonaatsoc at gmail.com>
Date: Tue Mar 13 17:05:53 2012 +0530
Add BUG_ON to avoid overrunning AppLayerDetectDirection map array
commit 9376967e65cac9a62d36dd780033ddc3df60c9c8
Author: Eileen Donlon <emdonlo at gmail.com>
Date: Mon Mar 12 18:41:53 2012 -0400
reject rules with duplicate content modifiers
reject rules that have multiple depths, offsets, distances, fast_patterns, nocases, or rawbytes for the same content.
commit 0bb4ff34b8f8d96596103c0c0854009078da605d
Author: Eileen Donlon <emdonlo at gmail.com>
Date: Tue Mar 13 15:31:13 2012 -0400
added null checks for init_hash to all ac mpms
commit 617edf469c9961f026bc2804230c3124c1c35d7d
Author: Eileen Donlon <emdonlo at gmail.com>
Date: Mon Mar 12 20:31:58 2012 -0400
reject http_client_body with inconsistent flow dir
reject http_client_body with flow: to_client or from_server
commit feff6f7705b4ce4b36bf07d7145d5dc064bc8a36
Author: Victor Julien <victor at inliniac.net>
Date: Mon Mar 19 10:42:40 2012 +0100
Clean up error message.
commit 85c364da09b4c968a783fc04e00b54d7f831ef4b
Author: Eileen Donlon <emdonlo at gmail.com>
Date: Wed Mar 14 12:43:38 2012 -0400
disallow-use-of-configuration-file-with-unittests
commit d908e707d72923cee0712644d223bd8bf6223d4a
Author: Victor Julien <victor at inliniac.net>
Date: Mon Mar 19 10:28:34 2012 +0100
profiling: add per lock location profiling
Add profiling per lock location in the code. Accounts how often a
lock is requested, how often it was contended, the max number of
ticks spent waiting for it, avg number of ticks waiting for it and
the total ticks for that location.
Added a new configure flag --enable-profiling-locks to enable this
feature.
commit 41e9dba20bdf74344f352e05431aa27d9550e527
Author: Victor Julien <victor at inliniac.net>
Date: Thu Mar 15 16:22:47 2012 +0100
Profile pcap file callback.
commit ff8755af5c1b89a7f17b2150522bc9523d4c6a1c
Author: Victor Julien <victor at inliniac.net>
Date: Thu Mar 15 12:04:26 2012 +0100
Make sure stream debug code is only used in debug mode.
commit 9696902b68c6a0f3746282f8f9d026686a2508ab
Author: Victor Julien <victor at inliniac.net>
Date: Thu Mar 15 12:01:09 2012 +0100
Small http.log improvement: bail out early if there is nothing to log. Make output locking more fine grained.
-----------------------------------------------------------------------
Summary of changes:
configure.in | 8 +
src/Makefile.am | 5 +
src/app-layer-dcerpc-udp.c | 8 +-
src/app-layer-dcerpc.c | 8 +-
src/app-layer-detect-proto.c | 84 ++-
src/app-layer-detect-proto.h | 2 +-
src/app-layer-ftp.c | 12 +-
src/app-layer-htp.c | 34 +-
src/app-layer-parser.c | 46 +-
src/app-layer-parser.h | 3 +
src/app-layer-smb.c | 26 +-
src/app-layer-smtp.c | 10 +-
src/app-layer-ssh.c | 8 +-
src/app-layer-ssl.c | 225 ++++--
src/app-layer-ssl.h | 38 +-
src/app-layer-tls-handshake.c | 194 +++++
src/{util-strlcpyu.c => app-layer-tls-handshake.h} | 56 +--
src/decode.h | 8 +
src/detect-depth.c | 5 +
src/detect-distance.c | 5 +
src/detect-fast-pattern.c | 4 +
src/detect-http-client-body.c | 5 +
src/detect-nocase.c | 4 +
src/detect-offset.c | 5 +
src/detect-rawbytes.c | 4 +
src/detect-tls.c | 523 +++++++++++++
src/{util-strlcpyu.c => detect-tls.h} | 62 +--
src/detect.c | 2 +
src/detect.h | 3 +
src/flow-util.h | 8 +
src/flow.h | 3 +
src/log-httplog.c | 13 +-
src/runmode-pcap-file.c | 1 +
src/source-pcap-file.c | 4 +
src/stream.c | 9 +-
src/suricata.c | 38 +-
src/threads.h | 109 +++-
src/threadvars.h | 1 +
src/tm-threads.c | 19 +
src/tmqh-flow.c | 292 ++++++--
src/tmqh-flow.h | 19 +
src/tmqh-simple.c | 4 +-
src/util-atomic.h | 25 +
src/util-decode-der-get.c | 286 ++++++++
src/{util-strlcpyu.c => util-decode-der-get.h} | 58 +--
src/util-decode-der.c | 769 ++++++++++++++++++++
src/util-decode-der.h | 96 +++
src/util-error.c | 1 +
src/util-error.h | 1 +
src/util-mpm-ac-bs.c | 8 +-
src/util-mpm-ac-gfbs.c | 8 +-
src/util-mpm-ac.c | 8 +-
src/util-profiling-locks.c | 233 ++++++
src/{host-timeout.h => util-profiling-locks.h} | 24 +-
src/util-profiling.c | 65 ++-
src/util-profiling.h | 21 +-
suricata.yaml.in | 19 +
57 files changed, 3133 insertions(+), 406 deletions(-)
create mode 100644 src/app-layer-tls-handshake.c
copy src/{util-strlcpyu.c => app-layer-tls-handshake.h} (54%)
create mode 100644 src/detect-tls.c
copy src/{util-strlcpyu.c => detect-tls.h} (54%)
create mode 100644 src/util-decode-der-get.c
copy src/{util-strlcpyu.c => util-decode-der-get.h} (54%)
create mode 100644 src/util-decode-der.c
create mode 100644 src/util-decode-der.h
create mode 100644 src/util-profiling-locks.c
copy src/{host-timeout.h => util-profiling-locks.h} (66%)
hooks/post-receive
--
OISF